Pardon me if I'm beating an already dead horse here. But with the recent news on the breaking of MD-5, SHA-1, etc., I was wondering: is there a way for OpenSSL to use symmetric key ciphers as hashing algorithms?
As I understand it, given a symmetric key cipher c = f(k,p) where c is the ciphertext, k is the key, and p is the plaintext, where c and p are both m bits in length and k is n bits in length, you can turn this into a hash function. The hash fuction has an internal state (and final hash value) of m bits and hashes the input text in blocks on n bits. Giving an initial internal state of s, and a text block b, you calculate the new internal state s' as s' = f(b, s). Note that the text block goes into the "key" parameter of the initial cipher, while the original internal state is the "plaintext". Note also that this assumes the cipher text has no weak keys for obvious reasons- DES and 3DES are bad choices, as is IDEA IIRC. But AES, Blowfish, Twofish, etc. should all work.
Thanks.
Brian
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
